
Please Help - I'm so infected I don't know where to start



#1
Eshagel

  • Member
  • 17 posts
I'm being hijacked and maljacked and all kinds of weird stuff going on (like the computer just starts playing music when no one is on it).

I know this isn't much to go on, but what can I send you to get started?

THANKS

Bill


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello Eshagel

Welcome to G2Go. :)
=====================
* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\Hijack This.
  • Click on I agree
  • Then click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#3
Eshagel

Here it is - Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:08:10 PM, on 2/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\folvrnft.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {064AEF9F-6DD1-4F36-942F-4481175BFF63} - C:\WINDOWS\java\arsw.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C7E4DB5-85F9-483E-B1A8-0F39405B6AB6} - C:\WINDOWS\system32\pmnlk.dll (file missing)
O2 - BHO: (no name) - {2F31ED2F-C59D-466E-9796-005B9DDE2EA0} - C:\WINDOWS\system32\sfqeyblg.dll (file missing)
O2 - BHO: (no name) - {323A8C4D-FE55-499F-BD70-158D78B072DB} - C:\Program Files\MSN\ryxycum83122.dll (file missing)
O2 - BHO: (no name) - {43bfa2f2-6bc6-4b22-a804-15f06a453c72} - C:\WINDOWS\system32\comunt.dll (file missing)
O2 - BHO: (no name) - {50CFC5D1-AB64-4423-A5C7-29EC979C86C7} - C:\WINDOWS\system32\sfqeyblg.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: {02648984-5a6f-56da-2f34-49b9679a09a8} - {8a90a976-9b94-43f2-ad65-f6a548984620} - C:\WINDOWS\system32\hpnpkwvd.dll (file missing)
O2 - BHO: (no name) - {9067F7E0-9DA2-4062-B11A-96FA3390C427} - C:\WINDOWS\system32\sfqeyblg.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\cphiskex.dll (file missing)
O2 - BHO: (no name) - {ADA470C9-46C1-44FB-8DF2-25B89352CCBf} - C:\WINDOWS\system32\sfqeyblg.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O2 - BHO: (no name) - {AFE54671-BFA0-4CC9-BA99-79848025797F} - C:\Program Files\MSN\ryxycum4444.dll (file missing)
O2 - BHO: (no name) - {C7779705-66E1-4B90-B3BD-A9B88EA18A20} - C:\WINDOWS\system32\sfqeyblg.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\cphiskex.dll (file missing)
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [2059bf3d] rundll32.exe "C:\WINDOWS\system32\obiaqrcn.dll",b
O4 - HKLM\..\Run: [BM236a8ca1] Rundll32.exe "C:\WINDOWS\system32\hpdyrwwn.dll",s
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: arsw - C:\WINDOWS\java\arsw.dll (file missing)
O20 - Winlogon Notify: comunt - comunt.dll (file missing)
O20 - Winlogon Notify: cphiskex - cphiskex.dll (file missing)
O21 - SSODL: DriveSrv - {189656cf-8ef8-4c58-ae36-848ec6ab0ba1} - C:\WINDOWS\Installer\{189656cf-8ef8-4c58-ae36-848ec6ab0ba1}\DriveSrv.dll
O21 - SSODL: zip - {234d1d31-8a1e-4d4b-89f1-d10c18467d9f} - C:\WINDOWS\Installer\{234d1d31-8a1e-4d4b-89f1-d10c18467d9f}\zip.dll
O21 - SSODL: RomRam - {7544242e-c859-4a7e-8b13-32157baf19d1} - C:\WINDOWS\Installer\{7544242e-c859-4a7e-8b13-32157baf19d1}\RomRam.dll
O21 - SSODL:
O21 - SSODL:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\folvrnft.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10630 bytes

#4
kahdah

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5
Eshagel

Here is the Combo Fix Log - Thanks

ComboFix 08-02-22 - John-Mark 2008-02-21 19:41:56.1 - NTFSx86
Running from: C:\Documents and Settings\John-Mark\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.

2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp167765.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp167625.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp167500.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp167468.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp165093.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp164875.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp164750.exe
2008-02-21 17:05 . 2008-02-21 17:05 15,872 --a------ C:\Program Files\tmp160406.exe
2008-02-20 20:39 . 2008-02-20 20:40 197 --ah----- C:\IPH.PH
2008-02-20 14:59 . 2008-02-20 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-20 14:58 . 2008-02-20 14:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-02-19 17:33 . 2008-02-19 17:33 15,872 --a------ C:\Program Files\tmp167187.exe
2008-02-19 17:33 . 2008-02-19 17:33 15,872 --a------ C:\Program Files\156625.exe
2008-02-19 17:33 . 2008-02-19 17:33 15,872 --a------ C:\Program Files\154765.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\tmp154546.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\tmp154515.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\159750.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\156531.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\156515.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\154734.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\154531.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\154468.exe
2008-02-19 17:32 . 2008-02-19 17:32 15,872 --a------ C:\Program Files\154421.exe
2008-02-18 18:07 . 2008-02-18 18:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 20:23 . 2008-02-17 20:23 45,061 --a------ C:\Program Files\tmp167265.exe
2008-02-17 20:23 . 2008-02-17 20:23 10,240 --a------ C:\Program Files\tmp167312.exe
2008-02-17 20:23 . 2008-02-17 20:23 10,240 --a------ C:\Program Files\tmp167250.exe
2008-02-17 18:05 . 2008-02-17 18:05 <DIR> d-------- C:\Documents and Settings\John-Mark\Application Data\AdobeUM
2008-02-16 21:04 . 2008-02-16 21:04 10,240 --a------ C:\Program Files\tmp16504609.exe
2008-02-16 15:57 . 2008-02-16 15:57 10,240 --a------ C:\Program Files\tmp1578765.exe
2008-02-16 15:57 . 2008-02-16 15:57 10,240 --a------ C:\Program Files\tmp1578703.exe
2008-02-16 15:57 . 2008-02-16 15:57 10,240 --a------ C:\Program Files\tmp1578687.exe
2008-02-15 19:55 . 2008-02-15 19:55 10,240 --a------ C:\Program Files\tmp4062765.exe
2008-02-14 18:30 . 2008-02-14 18:30 10,240 --a------ C:\Program Files\tmp184718.exe
2008-02-13 09:25 . 2008-02-13 09:25 10,240 --a------ C:\Program Files\tmp147109.exe
2008-02-11 17:09 . 2008-02-11 17:09 10,240 --a------ C:\Program Files\tmp159515.exe
2008-02-11 17:09 . 2008-02-11 17:09 10,240 --a------ C:\Program Files\tmp159500.exe
2008-02-11 17:09 . 2008-02-11 17:09 10,240 --a------ C:\Program Files\tmp159437.exe
2008-02-09 18:50 . 2008-02-09 18:50 10,240 --a------ C:\Program Files\tmp25792828.exe
2008-02-08 21:38 . 2008-02-08 21:38 12,288 --a------ C:\Program Files\tmp145609.exe
2008-02-08 21:38 . 2008-02-08 21:38 12,288 --a------ C:\Program Files\tmp142546.exe
2008-02-08 21:38 . 2008-02-08 21:38 10,240 --a------ C:\Program Files\tmp142390.exe
2008-02-08 18:13 . 2008-02-08 18:13 10,240 --a------ C:\Program Files\270187.exe
2008-02-02 14:06 . 2008-02-21 19:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 14:06 . 2008-02-02 14:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-27 21:01 . 2008-01-27 21:01 <DIR> d-------- C:\Documents and Settings\John-Mark\Application Data\Viewpoint
2008-01-26 12:09 . 2008-01-26 16:57 <DIR> d-------- C:\E-Zsoft
2008-01-26 12:07 . 2008-01-26 12:07 <DIR> d-------- C:\Program Files\E-Zsoft
2008-01-25 21:07 . 2008-02-20 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-25 21:00 . 2008-01-26 23:57 <DIR> d-------- C:\Documents and Settings\John-Mark\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 01:30 --------- d-----w C:\Program Files\Maxis
2008-02-20 19:58 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-18 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-18 01:28 --------- d-----w C:\Documents and Settings\Dad\Application Data\U3
2008-02-10 21:05 --------- d-----w C:\Program Files\Dl_cats
2008-02-05 00:38 --------- d-----w C:\Documents and Settings\Mom\Application Data\AVG7
2008-01-29 20:07 78 ----a-w C:\Program Files\ini.ini
2008-01-27 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 05:02 --------- d-----w C:\Program Files\ImTOO
2008-01-27 03:24 --------- d-----w C:\Program Files\Google
2008-01-26 01:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-19 03:31 --------- d-----w C:\Program Files\LimeWire
2008-01-19 03:27 --------- d-----w C:\Program Files\QuickTime
2008-01-19 02:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-19 02:33 --------- d-----w C:\Program Files\iTunes
2008-01-19 02:32 --------- d-----w C:\Program Files\iPod
2008-01-19 02:29 --------- d-----w C:\Program Files\Bonjour
2008-01-15 00:25 --------- d-----w C:\Documents and Settings\Mom\Application Data\Apple Computer
2008-01-14 22:10 --------- d-----w C:\Program Files\Music Rescue
2008-01-14 01:01 --------- d-----w C:\Program Files\Dell Photo AIO Printer 942
2008-01-13 16:05 --------- d-----w C:\Program Files\LinksLS98
2008-01-11 02:42 --------- d-----w C:\Program Files\support.com
2008-01-08 03:56 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 03:52 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-08 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-05 20:47 --------- d-----w C:\Program Files\MUSICMATCH
2008-01-03 23:38 --------- d-----w C:\Program Files\Modem Helper
2008-01-02 01:05 --------- d-----w C:\Documents and Settings\Esher-Hagel\Application Data\LimeWire
2008-01-01 21:02 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2006-11-25 07:57 482 ----a-w C:\Program Files\Del.js
2006-05-23 20:59 671 ----a-w C:\Documents and Settings\Mark E-H\Application Data\waver_2.95.dat
2005-10-19 00:22 20,921,040 ----a-w C:\Program Files\AdbeRdr705_enu_full.exe
2006-11-19 04:55 1,447,740 --sha-w C:\WINDOWS\java\wsra.bak1
2007-02-06 22:22 1,006,421 --sha-w C:\WINDOWS\java\wsra.bak2
2007-01-21 05:08 1,059,021 --sha-w C:\WINDOWS\java\wsra.ini2
2007-10-27 01:57 6,465 --sha-w C:\WINDOWS\system32\cdeeg.bak1
2007-10-08 23:42 6,465 --sha-w C:\WINDOWS\system32\egjlm.bak1
2007-10-14 01:23 6,465 --sh--w C:\WINDOWS\system32\gfhkj.bak1
2007-11-16 23:33 6,595 --sha-w C:\WINDOWS\system32\gfhkj.ini2
2007-11-16 02:00 28,413 --sha-w C:\WINDOWS\system32\ggjlm.ini2
2007-11-19 03:53 20,854 --sha-w C:\WINDOWS\system32\ghkmp.ini2
2007-10-28 03:21 6,465 --sh--w C:\WINDOWS\system32\ijkmp.bak1
2007-10-23 22:55 6,465 --sh--w C:\WINDOWS\system32\jjjlm.bak1
2007-10-31 02:41 410,143 --sh--w C:\WINDOWS\system32\jjjlm.bak2
2007-11-08 21:04 6,465 --sh--w C:\WINDOWS\system32\jjkkj.bak1
2007-11-09 16:53 423,149 --sh--w C:\WINDOWS\system32\jjkkj.bak2
2007-11-16 01:59 6,535 --sha-w C:\WINDOWS\system32\rttss.ini2
2007-11-05 21:18 6,465 --sh--w C:\WINDOWS\system32\sstwa.bak1
2007-10-31 19:00 6,465 --sh--w C:\WINDOWS\system32\ybadd.bak1
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064AEF9F-6DD1-4F36-942F-4481175BFF63}]
C:\WINDOWS\java\arsw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C7E4DB5-85F9-483E-B1A8-0F39405B6AB6}]
C:\WINDOWS\system32\pmnlk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F31ED2F-C59D-466E-9796-005B9DDE2EA0}]
C:\WINDOWS\system32\sfqeyblg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323A8C4D-FE55-499F-BD70-158D78B072DB}]
C:\Program Files\MSN\ryxycum83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43bfa2f2-6bc6-4b22-a804-15f06a453c72}]
C:\WINDOWS\system32\comunt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50CFC5D1-AB64-4423-A5C7-29EC979C86C7}]
C:\WINDOWS\system32\sfqeyblg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a90a976-9b94-43f2-ad65-f6a548984620}]
C:\WINDOWS\system32\hpnpkwvd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9067F7E0-9DA2-4062-B11A-96FA3390C427}]
C:\WINDOWS\system32\sfqeyblg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADA470C9-46C1-44FB-8DF2-25B89352CCBf}]
C:\WINDOWS\system32\sfqeyblg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFE54671-BFA0-4CC9-BA99-79848025797F}]
C:\Program Files\MSN\ryxycum4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7779705-66E1-4B90-B3BD-A9B88EA18A20}]
C:\WINDOWS\system32\sfqeyblg.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 21:47 69632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-16 10:33 411648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 11:20 1838592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 20:16 185896]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 03:08 294912]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 14:08 262144]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2007-11-29 03:22 819712]
"2059bf3d"="C:\WINDOWS\system32\obiaqrcn.dll" [ ]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-16 10:33 145920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DriveSrv"= {189656cf-8ef8-4c58-ae36-848ec6ab0ba1} - C:\WINDOWS\Installer\{189656cf-8ef8-4c58-ae36-848ec6ab0ba1}\DriveSrv.dll [2008-02-08 18:13 14374]
"zip"= {234d1d31-8a1e-4d4b-89f1-d10c18467d9f} - C:\WINDOWS\Installer\{234d1d31-8a1e-4d4b-89f1-d10c18467d9f}\zip.dll [2008-02-08 21:38 39462]
"RomRam"= {7544242e-c859-4a7e-8b13-32157baf19d1} - C:\WINDOWS\Installer\{7544242e-c859-4a7e-8b13-32157baf19d1}\RomRam.dll [2008-02-12 17:39 13862]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arsw]
C:\WINDOWS\java\arsw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comunt]
comunt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cphiskex]
cphiskex.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-29 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
--a------ 2005-04-28 03:08 294912 C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
--a------ 2004-07-27 14:08 262144 C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 05:33 122941 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 01:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-01-31 20:17 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 23:20 339968 C:\WINDOWS\STSYSTRA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-27 19:26]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 15:12]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 16:34]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2002-07-16 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7155e95-a996-11db-8249-00123f9fc663}]
\Shell\AutoRun\command - I:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 16:37:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 19:57:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\Installer\{189656cf-8ef8-4c58-ae36-848ec6ab0ba1}\DriveSrv.dll
-> C:\WINDOWS\Installer\{7544242e-c859-4a7e-8b13-32157baf19d1}\RomRam.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-21 20:01:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 01:01:09
.
2008-02-18 17:42:49 --- E O F ---

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Program Files\tmp167765.exe
C:\Program Files\tmp167625.exe
C:\Program Files\tmp167500.exe
C:\Program Files\tmp167468.exe
C:\Program Files\tmp165093.exe
C:\Program Files\tmp164875.exe
C:\Program Files\tmp164750.exe
C:\Program Files\tmp160406.exe
C:\Program Files\tmp167187.exe
C:\Program Files\156625.exe
C:\Program Files\154765.exe
C:\Program Files\tmp154546.exe
C:\Program Files\tmp154515.exe
C:\Program Files\159750.exe
C:\Program Files\156531.exe
C:\Program Files\156515.exe
C:\Program Files\154734.exe
C:\Program Files\154531.exe
C:\Program Files\154468.exe
C:\Program Files\154421.exe
C:\Program Files\tmp167265.exe
C:\Program Files\tmp167312.exe
C:\Program Files\tmp167250.exe
C:\Program Files\tmp16504609.exe
C:\Program Files\tmp1578765.exe
C:\Program Files\tmp1578703.exe
C:\Program Files\tmp1578687.exe
C:\Program Files\tmp4062765.exe
C:\Program Files\tmp184718.exe
C:\Program Files\tmp147109.exe
C:\Program Files\tmp159515.exe
C:\Program Files\tmp159500.exe
C:\Program Files\tmp159437.exe
C:\Program Files\tmp25792828.exe
C:\Program Files\tmp145609.exe
C:\Program Files\tmp142546.exe
C:\Program Files\tmp142390.exe
C:\Program Files\270187.exe
C:\WINDOWS\java\wsra.bak1
C:\WINDOWS\java\wsra.bak2
C:\WINDOWS\java\wsra.ini2
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\ybadd.bak1
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\sfqeyblg.dll
C:\Program Files\MSN\ryxycum83122.dll
C:\WINDOWS\system32\comunt.dll
C:\WINDOWS\system32\hpnpkwvd.dll
C:\WINDOWS\system32\obiaqrcn.dll
C:\WINDOWS\Installer\{189656cf-8ef8-4c58-ae36-848ec6ab0ba1}\DriveSrv.dll
C:\WINDOWS\Installer\{234d1d31-8a1e-4d4b-89f1-d10c18467d9f}\zip.dll 
C:\WINDOWS\Installer\{7544242e-c859-4a7e-8b13-32157baf19d1}\RomRam.dll 
Folder::
C:\Documents and Settings\John-Mark\Application Data\Viewpoint
C:\WINDOWS\java
C:\Program Files\Viewpoint
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{064AEF9F-6DD1-4F36-942F-4481175BFF63}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C7E4DB5-85F9-483E-B1A8-0F39405B6AB6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F31ED2F-C59D-466E-9796-005B9DDE2EA0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{323A8C4D-FE55-499F-BD70-158D78B072DB}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43bfa2f2-6bc6-4b22-a804-15f06a453c72}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{50CFC5D1-AB64-4423-A5C7-29EC979C86C7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8a90a976-9b94-43f2-ad65-f6a548984620}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9067F7E0-9DA2-4062-B11A-96FA3390C427}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ADA470C9-46C1-44FB-8DF2-25B89352CCBf}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AFE54671-BFA0-4CC9-BA99-79848025797F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C7779705-66E1-4B90-B3BD-A9B88EA18A20}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2059bf3d"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DriveSrv"=-
"zip"=-
"RomRam"=- 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\arsw]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\comunt]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cphiskex]
Driver::
 Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.


#7
Eshagel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
THANKS

Here is the ComboFix logfile:

ComboFix 08-02-22 - John-Mark 2008-02-23 14:19:29.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -5:00]
Running from: C:\Documents and Settings\John-Mark\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ini.ini\
.
---- Previous Run -------
.
C:\Documents and Settings\John-Mark\Application Data\Viewpoint
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-1079101228.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-505970296.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-540444473.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1122031235.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\1344396731.swf
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\27572851.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\288018514.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-105675675.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-505970281.mtz
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-530124400.mtz
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-886504912.swf
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\454659531.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-1260778778.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-221763573.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-578137404.swf
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-968039016.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\1085130500.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\343937850.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\407034558.ini
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\945653107.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1459212672.swf
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-1894009033.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-46166133.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-615068164.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-70733690.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-783842327.mtz
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\501228538.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\545157766.mts
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\665917381.mzv
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini
C:\Documents and Settings\John-Mark\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\UpdateVersionList_v2.mtx
C:\Program Files\154421.exe
C:\Program Files\154468.exe
C:\Program Files\154531.exe
C:\Program Files\154734.exe
C:\Program Files\154765.exe
C:\Program Files\156515.exe
C:\Program Files\156531.exe
C:\Program Files\156625.exe
C:\Program Files\159750.exe
C:\Program Files\270187.exe
C:\Program Files\ini.ini\
C:\Program Files\tmp142390.exe
C:\Program Files\tmp142546.exe
C:\Program Files\tmp145609.exe
C:\Program Files\tmp147109.exe
C:\Program Files\tmp154515.exe
C:\Program Files\tmp154546.exe
C:\Program Files\tmp1578687.exe
C:\Program Files\tmp1578703.exe
C:\Program Files\tmp1578765.exe
C:\Program Files\tmp159437.exe
C:\Program Files\tmp159500.exe
C:\Program Files\tmp159515.exe
C:\Program Files\tmp160406.exe
C:\Program Files\tmp164750.exe
C:\Program Files\tmp164875.exe
C:\Program Files\tmp16504609.exe
C:\Program Files\tmp165093.exe
C:\Program Files\tmp167187.exe
C:\Program Files\tmp167250.exe
C:\Program Files\tmp167265.exe
C:\Program Files\tmp167312.exe
C:\Program Files\tmp167468.exe
C:\Program Files\tmp167500.exe
C:\Program Files\tmp167625.exe
C:\Program Files\tmp167765.exe
C:\Program Files\tmp184718.exe
C:\Program Files\tmp25792828.exe
C:\Program Files\tmp4062765.exe
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\Program Files\Viewpoint\Viewpoint Manager\CPtask.xml
C:\Program Files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCP.cpl
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
C:\WINDOWS\Installer\{189656cf-8ef8-4c58-ae36-848ec6ab0ba1}\DriveSrv.dll
C:\WINDOWS\Installer\{234d1d31-8a1e-4d4b-89f1-d10c18467d9f}\zip.dll
C:\WINDOWS\Installer\{7544242e-c859-4a7e-8b13-32157baf19d1}\RomRam.dll
C:\WINDOWS\java
C:\WINDOWS\java\mcrh.tmp
C:\WINDOWS\java\wsra.bak1
C:\WINDOWS\java\wsra.bak2
C:\WINDOWS\java\wsra.ini
C:\WINDOWS\java\wsra.ini2
C:\WINDOWS\system32\cdeeg.bak1
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\gfhkj.bak1
C:\WINDOWS\system32\gfhkj.ini2
C:\WINDOWS\system32\ggjlm.ini2
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjkkj.bak1
C:\WINDOWS\system32\jjkkj.bak2
C:\WINDOWS\system32\rttss.ini2
C:\WINDOWS\system32\sstwa.bak1
C:\WINDOWS\system32\ybadd.bak1

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service




((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-23 14:01 . 2008-02-23 14:01 15,872 --a------ C:\Program Files\tmp171437.exe
2008-02-23 10:39 . 2008-02-23 11:16 <DIR> d-a------ C:\Program Files\Linksys EasyLink Advisor
2008-02-20 20:39 . 2008-02-20 20:40 197 --ah----- C:\IPH.PH
2008-02-20 14:59 . 2008-02-20 14:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-20 14:58 . 2008-02-20 14:58 <DIR> d-------- C:\Program Files\Dell Support Center
2008-02-18 18:07 . 2008-02-18 18:07 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 18:05 . 2008-02-23 14:17 <DIR> d-------- C:\Documents and Settings\John-Mark\Application Data\AdobeUM
2008-02-02 14:06 . 2008-02-23 14:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-02 14:06 . 2008-02-02 14:06 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-26 12:09 . 2008-01-26 16:57 <DIR> d-------- C:\E-Zsoft
2008-01-26 12:07 . 2008-01-26 12:07 <DIR> d-------- C:\Program Files\E-Zsoft
2008-01-25 21:07 . 2008-02-20 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-01-25 21:00 . 2008-01-26 23:57 <DIR> d-------- C:\Documents and Settings\John-Mark\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 15:40 --------- d-----w C:\Documents and Settings\Dad\Application Data\Gtek
2008-02-23 06:12 242,688 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-02-23 05:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-21 02:14 276,992 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-02-21 01:30 --------- d-----w C:\Program Files\Maxis
2008-02-20 19:58 --------- d-----w C:\Program Files\Common Files\SupportSoft
2008-02-19 05:00 2,591,232 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-02-19 05:00 171,008 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-02-18 21:02 271,872 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-02-18 21:02 2,590,208 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-02-18 17:48 103,249 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_18_12_39_32_small.dmp.zip
2008-02-18 01:28 --------- d-----w C:\Documents and Settings\Dad\Application Data\U3
2008-02-17 04:52 223,744 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-02-15 23:47 96,256 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-02-15 23:47 2,565,120 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-02-15 02:33 9,216 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-02-15 02:31 2,959,360 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-02-10 21:05 --------- d-----w C:\Program Files\Dl_cats
2008-02-09 00:25 98,248 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2008_02_08_18_13_12_small.dmp.zip
2008-02-09 00:23 2,944,512 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-02-09 00:23 2,540,032 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-02-05 00:38 --------- d-----w C:\Documents and Settings\Mom\Application Data\AVG7
2008-01-29 20:07 78 ----a-w C:\Program Files\ini.ini
2008-01-27 05:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 05:02 --------- d-----w C:\Program Files\ImTOO
2008-01-27 03:24 --------- d-----w C:\Program Files\Google
2008-01-26 01:58 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-01-20 23:01 71,744 ----a-w C:\WINDOWS\system32\bebugpak.dll
2008-01-19 15:50 13,435,398 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-01-19 03:31 --------- d-----w C:\Program Files\LimeWire
2008-01-19 03:27 --------- d-----w C:\Program Files\QuickTime
2008-01-19 02:50 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-19 02:33 --------- d-----w C:\Program Files\iTunes
2008-01-19 02:32 --------- d-----w C:\Program Files\iPod
2008-01-19 02:29 --------- d-----w C:\Program Files\Bonjour
2008-01-16 03:18 26,624 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-16 03:18 2,487,808 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-16 03:14 293,376 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-15 00:25 --------- d-----w C:\Documents and Settings\Mom\Application Data\Apple Computer
2008-01-14 22:10 --------- d-----w C:\Program Files\Music Rescue
2008-01-14 21:47 2,484,736 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-01-14 21:47 172,544 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-14 01:01 --------- d-----w C:\Program Files\Dell Photo AIO Printer 942
2008-01-13 23:22 273,920 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-01-13 23:22 2,480,640 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-13 16:05 --------- d-----w C:\Program Files\LinksLS98
2008-01-12 05:18 2,678,784 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-11 02:42 --------- d-----w C:\Program Files\support.com
2008-01-08 03:56 --------- d-----w C:\Program Files\Apple Software Update
2008-01-08 03:52 --------- d-----w C:\Program Files\Common Files\Apple
2008-01-08 03:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-05 20:47 --------- d-----w C:\Program Files\MUSICMATCH
2008-01-03 23:38 --------- d-----w C:\Program Files\Modem Helper
2008-01-02 01:05 --------- d-----w C:\Documents and Settings\Esher-Hagel\Application Data\LimeWire
2008-01-01 21:02 --------- d-----w C:\Documents and Settings\Dad\Application Data\AVG7
2007-12-20 21:08 71,168 ----a-w C:\WINDOWS\system32\LxrJD31s.exe
2007-12-20 21:08 61,440 ----a-w C:\WINDOWS\system32\LxrJD20Sat.dll
2007-12-20 21:08 249,856 ----a-w C:\WINDOWS\system32\LxrJD31.dll
2007-12-20 21:08 163,840 ----a-w C:\WINDOWS\system32\LxrJD31c.exe
2007-12-20 21:08 146,432 ----a-w C:\WINDOWS\system32\LxrJD31p.exe
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-13 13:11 1,016,693 --sh--w C:\WINDOWS\system32\kajhagmm.tmp
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-30 00:34 195,584 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-11-28 04:00 168,960 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-11-26 04:29 1,677,824 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-11-11 06:21 1,637,888 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-10-30 02:15 428,544 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-10-30 02:15 2,365,440 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-10-26 23:06 503,296 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-10-22 19:02 1,181,696 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-10-13 04:26 863,232 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-10-13 04:26 2,346,496 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-10-06 23:07 2,736,128 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-09-08 22:46 19,423,062 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_09_08_18_25_26_full.dmp.zip
2007-08-13 05:02 226,304 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-07-21 19:13 2,631,680 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-06-18 02:52 103,010 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_06_16_23_33_17_small.dmp.zip
2007-03-16 19:15 2,130,944 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-02-01 20:01 45,863 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_02_01_14_59_44_small.dmp.zip
2007-02-01 20:01 41,435 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_02_01_14_57_04_small.dmp.zip
2007-01-30 20:40 96,170 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_29_15_11_03_small.dmp.zip
2007-01-29 20:11 1,575,936 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-01-16 21:55 84,370 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_16_16_53_35_small.dmp.zip
2007-01-16 21:53 1,565,696 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-01-07 04:47 241,152 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-01-07 04:47 1,555,968 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2006-12-30 23:12 85,287 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_30_16_36_46_small.dmp.zip
2006-12-30 21:36 553,984 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2006-12-30 21:36 1,543,680 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-12-15 22:22 93,963 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_14_17_57_26_small.dmp.zip
2006-12-14 22:57 2,312,192 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 18:16 454784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 21:47 69632]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-16 10:33 411648]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 11:20 1838592]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-31 20:16 185896]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]
"Dell Photo AIO Printer 942"="C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 03:08 294912]
"DellMCM"="C:\Program Files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 14:08 262144]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 15:27 385024]
"iPodConverterSuite_upgrade"="C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" [2007-11-29 03:22 819712]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-16 10:33 145920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=C:\WINDOWS\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk
backup=C:\WINDOWS\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2005-03-29 21:05 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Photo AIO Printer 942]
--a------ 2005-04-28 03:08 294912 C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellMCM]
--a------ 2004-07-27 14:08 262144 C:\Program Files\Dell Photo AIO Printer 942\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2005-05-31 05:33 122941 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 01:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-02-23 16:19 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcasServ]
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-07-27 16:50 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-07-27 16:50 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2007-01-31 20:17 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2005-03-22 23:20 339968 C:\WINDOWS\STSYSTRA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-27 19:26]
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2004-11-02 15:12]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 16:34]
S3 StMp3Rec;Player Recovery Device Control Driver;C:\WINDOWS\system32\Drivers\StMp3Rec.sys [2002-07-16 14:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7155e95-a996-11db-8249-00123f9fc663}]
\Shell\AutoRun\command - I:\JDSecure\Windows\JDSecure31.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-22 16:37:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 14:23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-23 14:24:55
ComboFix-quarantined-files.txt 2008-02-23 19:24:53
ComboFix2.txt 2008-02-22 01:01:14
.
2008-02-18 17:42:49 --- E O F ---

And now the HijackThis Log File

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:31:22 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com/
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (file missing)
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Dell Photo AIO Printer 942] "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
O4 - HKLM\..\Run: [DellMCM] "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iPodConverterSuite_upgrade] "C:\Program Files\E-Zsoft\iPodConverterSuite\iPodConverterSuite.exe" /upgrade
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...0/Installer.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O21 - SSODL:
O21 - SSODL:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7915 bytes

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#9
Eshagel

    Member

  • Topic Starter
  • Member
  • 17 posts
Okay, I ran the MalwareBytes Full Scan - when it was done I didn't get a screen and couldn't find a screen for removing infected files. So I ran quickscan and here is the log for that.

Malwarebytes' Anti-Malware 1.05
Database version: 397

Scan type: Quick Scan
Objects scanned: 32304
Time elapsed: 7 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 30
Files Infected: 268

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\desktop weather by the weather channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\The Weather Channel FW (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\app_elements (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\forecast (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\nav (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\verticles (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\verticals (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\45x45 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\60x60 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\swfs\icons\moon (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather\config (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather\graphics (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather\maps (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather\radar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\temp\Mark\weather\graphics\logos (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\temp (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Framework\wxcache (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Internet Explorer\vikivenud167.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud169.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud389.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud509.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud633.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud662.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud666.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud702.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud744.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud829.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud831.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud836.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud925.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\vikivenud99.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\tmp171437.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\app.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\app.swf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\index_local.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_300X250.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\noinet_728x90.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\no_connection_frame.html (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\query_prams.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\settings.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\ads.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\app.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\cobrand.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\dimms.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\divs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\files.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\forcast.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\links.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\nav.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\prefs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\screens.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\version.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\config\defaults\vertical.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\connection.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\ForecastPageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\HomePageTabs.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\instby_module.bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\The Weather Channel FW\Desktop Weather\lib\loaction_display.bin (Adware.Hotbar) -> Quarantined and deleted successfully.

There was a second log in the log tab. It looks to be a subsequent quick scan. Here is that log:

Malwarebytes' Anti-Malware 1.05
Database version: 397

Scan type: Quick Scan
Objects scanned: 32237
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks

#10
kahdah

Ok.

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with Internet Explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11
Eshagel

This is a problem. I have been using Firefox because IE is not working on my machine. I assumed it had something to do with the Malware infestation.

Should I try to reinstall IE? How would I go about doing that?

#12
Eshagel

p.s. this is the website my shortcut goes to when I click on it

http://go.microsoft....k/?LinkId=74005

#13
kahdah

That link is the setup page to IE7.
All you have to do is customize your settings and it will not come up again.

If you don't want to customize it now, just click on the little house icon at the top of the browser; it will take you to your home page.

See if that helps.

#14
Eshagel

Dear Kahdah

I have been away on business for a few weeks and just now am getting back to this.

I reinstalled IE7 and it seems to be working; however, the link you gave me to the Kaspersky scanner does not seem to be working. When I click on Accept nothing is happening - it does not ask to install ActiveX nor does it take me to another page.

Please advise.

Thanks

#15
kahdah

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
